|
Cybersecurity Risk Management , Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Cybersecurity risk management and strategy
Our cybersecurity risk management strategy and processes, which are integrated into our overall risk management process, for assessing, identifying and managing material risks from cybersecurity threats are designed based on established frameworks and standards developed by the National Institute of Standards and Technology (“NIST”). Although this does not mean that we currently meet all technical standards, specifications, or requirements, we use this framework, complemented by insights from internal assessments, to guide the development of policies governing the use of our information assets, access to intellectual property, and the safeguarding of personal information.
We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity defense strategy based on prevention, detection and containment. We employ industry standard measures directly or indirectly related to cybersecurity, such as multifactor authentication, endpoint protection defenses, antivirus protection, encryption standards, restricting access based on business necessity, and remote access monitoring. Our employees undergo regular cybersecurity awareness training, receive guidance on protecting confidential information, and participate in simulated phishing exercises. The training provides employees with a baseline understanding of cybersecurity fundamentals to prevent security breaches and safely identify potential threats. We engage third parties to conduct penetration testing and evaluate our adherence to industry-standard frameworks. We assess the security framework employed by our third party service providers including their reports on security, availability and confidentiality to assess and identify material risks from cybersecurity threats associated with our use of third party applications. We have also established liaison programs with the Federal Bureau of Investigation (“FBI”) and U.S. Cybersecurity & Infrastructure Security Agency (“CISA”) to monitor, identify, and counter advanced persistent threats specific to our company and industry. As part of this program, we have an FBI Special Agent assigned as our Liaison Officer who provides us with periodic cybersecurity threat briefings, and also provides counter-threat support on request.
As of December 31, 2024, we have not identified any risks from cybersecurity threats (including any previous cybersecurity incidents) that have materially affected or are reasonably likely to materially affect our business strategy, financial condition or results of operations. For further details on cybersecurity risks, please refer to the Risk Factors discussion in Item 1A of this Annual Report, including the discussion under the heading “Cyberattacks impacting our networks or systems may have a material effect on our operations.”
Governance of cybersecurity risk management
Our Board of Directors, acting through the Audit Committee, is responsible for overseeing management’s implementation and execution of the risk management process, including our cybersecurity risk management strategy and processes. Our Audit Committee reviews and deliberates on our risk assessment and risk management practices, including cybersecurity risks, in collaboration with management.
Management bears the responsibility for the day-to-day assessment and management of cybersecurity risks. We have formed a Cyber Security Incident Response Team (“CSIRT”) to manage and govern the response to any real or suspected cybersecurity incidents. The CSIRT core team, consisting of the information technology team with substantial relevant experience in designing and managing our information technology infrastructure and system, classifies detected cybersecurity incidents into one of three
categories based on potential impact to the functionality of the affected systems, possible or known information involved and recoverability effort. The classification of cybersecurity incidents is designed to allow rapid prioritization, response and escalation. The CSIRT core team engages with third party experts and cross-functional CSIRT members, as required, to manage the cybersecurity incidents. Cybersecurity incidents that are potentially significant or could result in a material impact are reported to the CSIRT Executive team, consisting of designated executives of the Company. The CSIRT Executive team is responsible for the oversight of the cybersecurity incidents and related critical decisions, performing a materiality assessment, overseeing the public disclosure of material cybersecurity matters, engaging law enforcement agencies, including our local FBI Liaison Officer, correspondence with the media, and communicating with our Audit Committee and Board of Directors, as appropriate.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Our cybersecurity risk management strategy and processes, which are integrated into our overall risk management process, for assessing, identifying and managing material risks from cybersecurity threats are designed based on established frameworks and standards developed by the National Institute of Standards and Technology (“NIST”). Although this does not mean that we currently meet all technical standards, specifications, or requirements, we use this framework, complemented by insights from internal assessments, to guide the development of policies governing the use of our information assets, access to intellectual property, and the safeguarding of personal information.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance of cybersecurity risk management
Our Board of Directors, acting through the Audit Committee, is responsible for overseeing management’s implementation and execution of the risk management process, including our cybersecurity risk management strategy and processes. Our Audit Committee reviews and deliberates on our risk assessment and risk management practices, including cybersecurity risks, in collaboration with management.
Management bears the responsibility for the day-to-day assessment and management of cybersecurity risks. We have formed a Cyber Security Incident Response Team (“CSIRT”) to manage and govern the response to any real or suspected cybersecurity incidents. The CSIRT core team, consisting of the information technology team with substantial relevant experience in designing and managing our information technology infrastructure and system, classifies detected cybersecurity incidents into one of three
categories based on potential impact to the functionality of the affected systems, possible or known information involved and recoverability effort. The classification of cybersecurity incidents is designed to allow rapid prioritization, response and escalation. The CSIRT core team engages with third party experts and cross-functional CSIRT members, as required, to manage the cybersecurity incidents. Cybersecurity incidents that are potentially significant or could result in a material impact are reported to the CSIRT Executive team, consisting of designated executives of the Company. The CSIRT Executive team is responsible for the oversight of the cybersecurity incidents and related critical decisions, performing a materiality assessment, overseeing the public disclosure of material cybersecurity matters, engaging law enforcement agencies, including our local FBI Liaison Officer, correspondence with the media, and communicating with our Audit Committee and Board of Directors, as appropriate.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Board of Directors, acting through the Audit Committee, is responsible for overseeing management’s implementation and execution of the risk management process, including our cybersecurity risk management strategy and processes. Our Audit Committee reviews and deliberates on our risk assessment and risk management practices, including cybersecurity risks, in collaboration with management.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The CSIRT Executive team is responsible for the oversight of the cybersecurity incidents and related critical decisions, performing a materiality assessment, overseeing the public disclosure of material cybersecurity matters, engaging law enforcement agencies, including our local FBI Liaison Officer, correspondence with the media, and communicating with our Audit Committee and Board of Directors, as appropriate.
|Cybersecurity Risk Role of Management [Text Block]
|
Management bears the responsibility for the day-to-day assessment and management of cybersecurity risks. We have formed a Cyber Security Incident Response Team (“CSIRT”) to manage and govern the response to any real or suspected cybersecurity incidents. The CSIRT core team, consisting of the information technology team with substantial relevant experience in designing and managing our information technology infrastructure and system, classifies detected cybersecurity incidents into one of three
categories based on potential impact to the functionality of the affected systems, possible or known information involved and recoverability effort. The classification of cybersecurity incidents is designed to allow rapid prioritization, response and escalation. The CSIRT core team engages with third party experts and cross-functional CSIRT members, as required, to manage the cybersecurity incidents. Cybersecurity incidents that are potentially significant or could result in a material impact are reported to the CSIRT Executive team, consisting of designated executives of the Company. The CSIRT Executive team is responsible for the oversight of the cybersecurity incidents and related critical decisions, performing a materiality assessment, overseeing the public disclosure of material cybersecurity matters, engaging law enforcement agencies, including our local FBI Liaison Officer, correspondence with the media, and communicating with our Audit Committee and Board of Directors, as appropriate.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Management bears the responsibility for the day-to-day assessment and management of cybersecurity risks. We have formed a Cyber Security Incident Response Team (“CSIRT”) to manage and govern the response to any real or suspected cybersecurity incidents
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CSIRT core team, consisting of the information technology team with substantial relevant experience in designing and managing our information technology infrastructure and system, classifies detected cybersecurity incidents into one of three categories based on potential impact to the functionality of the affected systems, possible or known information involved and recoverability effort.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef